Analysis

max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/03/2024, 14:21
Static task: static1
Behavioral task: behavioral1
Sample: e1e038644262e3d6878ebee04f0a6889.exe
Resource: win7-20240221-en
General

Target: e1e038644262e3d6878ebee04f0a6889.exe
Size: 256KB
MD5: e1e038644262e3d6878ebee04f0a6889
SHA1: fd5e52845ea34fd37b04d609d5417209f3272fa1
SHA256: 9b1a8d531e2e236b985adac7282d693ac8c5f8136bfa6071ff32821c9c3dc342
SHA512: c932e9fa7eb480332253b66d0d9a31c64a9ef00b73e0f837a50a394d41c45dfe20ce635fafa9792673a43a135ef9769747a38caca170f304eac03d0352663889
SSDEEP: 3072:nDt64f+TPTRK3a1o5ZlbmvvzT0s2rRsamQN6ahC1bBz7zU/WZAn53mkZ8f7QJ4r:nUJTymjT0s/76C1bxsUAnLZe73r
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  3456  e1e038644262e3d6878ebee04f0a6889mgr.exe

Loads dropped DLL (1 IoC)
  pid   Process
  3456  e1e038644262e3d6878ebee04f0a6889mgr.exe

YARA rule match
  resource                                                                    yara_rule
  behavioral2/memory/3456-7-0x0000000000400000-0x0000000000468000-memory.dmp  upx

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  1528  3456        WerFault.exe  96

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 3988 wrote to memory of 3456  3988  e1e038644262e3d6878ebee04f0a6889.exe  96
  PID 3988 wrote to memory of 3456  3988  e1e038644262e3d6878ebee04f0a6889.exe  96
  PID 3988 wrote to memory of 3456  3988  e1e038644262e3d6878ebee04f0a6889.exe  96
Processes

C:\Users\Admin\AppData\Local\Temp\e1e038644262e3d6878ebee04f0a6889.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e1e038644262e3d6878ebee04f0a6889.exe"
  PID: 3988
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\e1e038644262e3d6878ebee04f0a6889mgr.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\e1e038644262e3d6878ebee04f0a6889mgr.exe
    PID: 3456
    - Executes dropped EXE
    - Loads dropped DLL

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 10176
      PID: 1528
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3456 -ip 3456
  PID: 1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
  PID: 984
Network
MITRE ATT&CK Matrix
Downloads

File 1
  Filesize: 163KB
  MD5: 32e2446e5ea8b44ee87ed1dec23ea040
  SHA1: 1341be8ec8be902630fc92657b10016c5d83c14b
  SHA256: 1f261c1a1c5e7c051cbc0332db237c8e7335661251af2d950b05edd6d515f170
  SHA512: 95b36862faec87482a2dd6aa16a2bbcfe73dcd30796d4d98db7ae6b46ec73c4f6de9880c7e8042697ffc5fddb296bd4610e69b0fb8275566c5cd3e85d9e693f6

File 2
  Filesize: 1.6MB
  MD5: 4f3387277ccbd6d1f21ac5c07fe4ca68
  SHA1: e16506f662dc92023bf82def1d621497c8ab5890
  SHA256: 767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac
  SHA512: 9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219